
DosDetection

BitNinja has a built-in module that monitors currently active connections and intervenes in case of a potential denial-of-service attack. If there are more than 80 connections from a single IP, BitNinja detects it as an attack. The threshold of 80 can be configured on a per-port basis.

Configuration

The thresholds can be changed in the config file: /etc/bitninja/DosDetection/config.ini.

;
; Thresholds set to DoS Detection
;
[tresholds]

general = 80
; Threshold for remote SMTP servers.
remote[25] = 200
remote[53] = 200
; Threshold for local ports
local[22] = 40

;You can set restrictions for remote and local ports. For example to change
;the number of connections allowed to the default IMAP4 port (143) you can do this:

local[143] = 150
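
To check which peers would cross these limits before you change them, the following added example (not BitNinja's own code) parses the [tresholds] section and counts established connections per peer IP from ss -Htn state established output. It assumes local[N] applies to this server's port and remote[N] to the peer's port; the function names and all sample data are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of /etc/bitninja/DosDetection/config.ini
SAMPLE_CONFIG = """\
[tresholds]
general = 80
remote[25] = 200
local[22] = 40
"""

def parse_thresholds(text):
    """Return (general, {"local": {port: limit}, "remote": {port: limit}})."""
    general, limits = 80, {"local": {}, "remote": {}}  # 80 = documented default
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if m := re.fullmatch(r"(local|remote)\[(\d+)\]\s*=\s*(\d+)", line):
            limits[m[1]][int(m[2])] = int(m[3])
        elif m := re.fullmatch(r"general\s*=\s*(\d+)", line):
            general = int(m[1])
    return general, limits

def sample_ss_lines():
    """Constructed `ss -Htn state established` rows: Recv-Q Send-Q Local Peer."""
    rows = [("10.0.0.5:22", "203.0.113.7", 41),    # SSH, local[22] = 40
            ("10.0.0.5:443", "198.51.100.9", 90),  # no port rule, general = 80
            ("10.0.0.5:80", "198.51.100.20", 50)]  # under general
    lines = [f"0 0 {loc} {ip}:{40000 + i}" for loc, ip, n in rows for i in range(n)]
    # 150 outbound deliveries to one remote SMTP server, under remote[25] = 200
    return lines + [f"0 0 10.0.0.5:{50000 + i} 192.0.2.25:25" for i in range(150)]

def over_threshold(ss_lines, general, limits):
    """Return sorted (peer_ip, rule, connections, limit) for peers over their limit."""
    counts = Counter()
    for line in ss_lines:
        ends = [f.rsplit(":", 1) for f in line.split()[-2:]]
        if len(ends) != 2 or not all(len(e) == 2 and e[1].isdigit() for e in ends):
            continue  # header or malformed line
        lp, peer_ip, rp = int(ends[0][1]), ends[1][0], int(ends[1][1])
        # Assumption: local[N] matches this server's port, remote[N] the peer's port
        kind, port = ("local", lp) if lp in limits["local"] else ("remote", rp)
        rule = f"{kind}[{port}]" if port in limits[kind] else "general"
        counts[(peer_ip, rule, limits[kind].get(port, general))] += 1
    return sorted((ip, r, n, lim) for (ip, r, lim), n in counts.items() if n > lim)

if __name__ == "__main__":
    general, limits = parse_thresholds(SAMPLE_CONFIG)
    for ip, rule, n, lim in over_threshold(sample_ss_lines(), general, limits):
        print(f"{ip}: {n} connections, over {rule} = {lim}")
```

On a live server, feed the function the lines printed by ss -Htn state established and the contents of the real config file instead of the sample data.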

When BitNinja detects a DoS attack, it blocks the IP for 1 minute and then places it on the challenge list, allowing the user to delist his/her IP. To change the default block time, you can modify /etc/bitninja/IpFilter/config.ini or add this section with the proper value:

[times]
;
; Temporary block list time in DoS suspicious requests; default: 60
;
tmp_bl_sec = 60

You can read more about the challenge list on the Captcha HTTP page.

Don't forget to restart BitNinja after creating the custom restrictions.

service bitninja restart